
Use it wisely!

1st of all, IS YOUR PURPOSE LEGAL? DO YOU USE IT ON YOUR OWN PC? IF NO IS THE ANSWER, WE CAN'T HELP YOU! GET THE H**L (sry moderators) OUT OF HERE, but if your answer is "YES, it's legal" then I will help you:

You can do this from the Windows box too, but we're talking about Backtrack:
>>all the instructions are run from the shell, in the /tmp folder<<

Boot into Backtrack and make sure your Windows hard drive is mounted:
suppose the Windows HDD is "/dev/hda1"

Code:

mount /dev/hda1 /mnt/hda1

First you must "extract" the system key, which is in the "system" file located on the Windows HDD

Code:

bkhive /mnt/hda1/WINDOWS/system32/config/system saved-systemkey

Now we must dump the SAM file using samdump2:

Code:

samdump2 /mnt/hda1/WINDOWS/system32/config/SAM saved-systemkey > passwordhashfile

And in the end we use the well-known John the Ripper:

Code:

john -i passwordhashfile

Keep in mind, if you use BT4b you will need an SSE2-capable CPU to use john (I just found out now when I tested the given instructions to be sure, just in case).

BUT, if you have installed Windows XP as default and you didn't type an administrator password in the installer, then it's much easier to boot in safe mode (pressing F8 before Windows boots), log in to the "Administrator" account and just remove the password from Control Panel > User Accounts > [your account].

Like my DSA teacher always says: "K.I.S.S. -- keep it simple, stupid --"
THIS IS FOR EDUCATIONAL PURPOSES ONLY AND YOU ARE RESPONSIBLE FOR YOUR OWN ACTIONS

1st of all, IS YOUR PURPOSE LEGAL? DO YOU USE IT ON YOUR OWN PC? IF NO IS THE ANSWER, WE CAN'T HELP YOU! GET THE H**L (sry moderators) OUT OF HERE, but if your answer is "YES, it's legal" then I will help you:

Well if it was for doing something illegal you just gave away the keys to the kingdom as it were. So why bother to even ask?

1st of all, IS YOUR PURPOSE LEGAL? DO YOU USE IT ON YOUR OWN PC? IF NO IS THE ANSWER, WE CAN'T HELP YOU! GET THE H**L (sry moderators) OUT OF HERE, but if your answer is "YES, it's legal" then I will help you:

you can also, in a cmd.exe (given cmd isn't disabled), do @ next point in time /interactive cmd.exe; when the new cmd window pops up, kill explorer.exe, then in the new interactive window type explorer.exe and you will gain full system root, higher access than even an admin account

If he wants to break the law, he will do it anyway.
By telling him that the info is not for any illegal purpose, I'm "released" from any responsibility about how he uses the tips I posted.

I'm pretty sure that is not the case. Under your 'rules' I could show people how to create explosive devices, provide access to the tools, and the sources for the component parts, and as long as I told them not to kill anyone, I'd be scot-free!!!

I think we have found a loophole in the anti-terrorist laws!

I also think the mods would spend less time kicking people who talk about illegal activity, if there are no repercussions, why would they bother?

you can also, in a cmd.exe (given cmd isn't disabled), do @ next point in time /interactive cmd.exe; when the new cmd window pops up, kill explorer.exe, then in the new interactive window type explorer.exe and you will gain full system root, higher access than even an admin account

By "@" do you mean "at", as in the at scheduler? Is it really so hard to type two letters that you felt you had to abbreviate that?

Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".